Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/I5nX4hge4KW7aWqDZpvHzOzTqgA.roa
File: I5nX4hge4KW7aWqDZpvHzOzTqgA.roa (raw, json)
Hash identifier: EjIq7Q15dwD2Ml4qiaYt/nspc+cycGhmgvS2dB0bBNM=
Subject key identifier: 23:99:D7:E2:18:1E:E0:A5:BB:69:6A:83:66:9B:C7:CC:EC:D3:AA:00
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 018529C63B8536842D34A6E2C7C3E611B115
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/I5nX4hge4KW7aWqDZpvHzOzTqgA.roa
Signing time: Mon 19 Dec 2022 09:45:35 +0000
ROA not before: Mon 19 Dec 2022 09:45:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
94.240.0.0/19 maxlen: 19
91.106.26.0/23 maxlen: 23
94.240.23.0/24 maxlen: 24
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:29:c6:3b:85:36:84:2d:34:a6:e2:c7:c3:e6:11:b1:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Dec 19 09:45:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2399d7e2181ee0a5bb696a83669bc7ccecd3aa00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:3a:b3:13:0a:d5:bd:5c:73:09:b9:40:d7:3f:
77:38:92:94:30:07:a6:89:be:76:e3:8a:d6:aa:36:
9a:8f:36:b7:46:ea:20:c6:6a:b0:5e:f5:3c:74:c0:
4e:cc:4c:6e:09:70:dc:61:96:27:8e:83:94:69:5e:
01:06:39:2a:9f:12:cb:45:9a:d7:32:b8:e8:26:ae:
aa:7f:27:86:e9:d1:b0:a4:c4:2b:9b:fb:a4:a2:88:
0a:d8:9d:66:6c:d5:a2:9e:bd:1a:9c:e8:d7:41:8f:
12:c2:84:ad:12:b1:94:06:e6:81:69:c9:0b:61:db:
1c:13:fb:1a:d1:28:f7:01:ac:e0:d2:14:72:99:88:
7c:b1:96:b5:2d:6e:4a:73:de:de:8f:35:0b:6d:23:
a6:66:87:f5:dc:44:40:d0:0f:5d:07:ec:3c:15:49:
dd:0a:c4:e5:f3:d1:c8:31:74:28:e3:b6:a0:6f:c2:
c8:03:61:ec:11:dd:04:09:c6:9b:9e:ff:dc:aa:c8:
63:27:3a:88:4c:32:1a:18:73:ab:0c:f1:8e:25:78:
42:7c:15:39:83:20:64:b2:dc:b9:02:9f:0a:30:ec:
2d:f3:ea:ce:4d:54:bb:c2:1a:65:9b:e1:e4:f4:82:
3b:e9:5d:ef:71:cf:02:57:0f:77:4b:40:4d:ac:2e:
04:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:99:D7:E2:18:1E:E0:A5:BB:69:6A:83:66:9B:C7:CC:EC:D3:AA:00
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/I5nX4hge4KW7aWqDZpvHzOzTqgA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
87:18:63:b3:c8:e6:a8:65:5d:ed:b4:6c:9f:93:a8:72:f4:46:
d3:bc:4e:ff:c2:c1:3c:2c:39:19:f6:55:91:11:f2:2b:3d:e4:
16:d9:1f:c0:db:7a:9f:cb:51:b4:01:e7:30:67:f5:b1:9e:ce:
6b:3d:57:77:35:84:59:47:4e:0e:46:5b:e5:08:27:b0:6a:79:
8f:a1:ae:65:1c:f1:0f:ad:56:2e:23:15:2d:f4:67:9f:5e:39:
31:c4:21:ad:7f:3b:d0:ae:eb:d4:60:63:b3:2a:ea:7f:f5:27:
6e:99:d3:be:db:c4:f8:13:3b:e9:6c:6b:9c:5b:57:87:17:a6:
56:e9:f0:3a:5c:80:b3:81:d0:33:8a:1c:ff:58:79:d8:e6:a5:
b0:b1:65:5d:4c:a0:5b:b0:62:a3:93:72:26:fa:fd:b5:7e:3f:
97:66:a9:50:cb:a5:57:91:36:ad:41:0d:fd:f3:ba:0b:89:a6:
fa:f3:b8:16:07:04:0c:51:c8:f4:47:b1:07:a6:23:43:c6:f1:
e1:07:6f:78:55:54:e0:61:56:d8:a8:04:2c:ab:4c:17:a4:c6:
4d:07:96:02:03:71:44:58:0d:92:56:fe:06:bf:c4:f1:26:da:
e9:7c:97:4f:97:e5:45:70:24:6c:7e:88:fc:73:de:52:f4:fb:
4b:61:6d:aa
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYUpxjuFNoQtNKbix8PmEbEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMjE5MDk0NTM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk5ZDdlMjE4MWVlMGE1YmI2OTZhODM2NjliYzdjY2VjZDNhYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDqzEwrVvVxzCblA1z93OJKUMAem
ib5244rWqjaajza3RuogxmqwXvU8dMBOzExuCXDcYZYnjoOUaV4BBjkqnxLLRZrX
MrjoJq6qfyeG6dGwpMQrm/ukoogK2J1mbNWinr0anOjXQY8SwoStErGUBuaBackL
YdscE/sa0Sj3Aazg0hRymYh8sZa1LW5Kc97ejzULbSOmZof13ERA0A9dB+w8FUnd
CsTl89HIMXQo47agb8LIA2HsEd0ECcabnv/cqshjJzqITDIaGHOrDPGOJXhCfBU5
gyBksty5Ap8KMOwt8+rOTVS7whplm+Hk9II76V3vcc8CVw93S0BNrC4EFwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCOZ1+IYHuClu2lqg2abx8zs06oAMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvSTVuWDRoZ2U0S1c3YVdxRFpwdkh6T3pUcWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQCW2oYAwQB
W2oeMAsDAwRe8AMEAF7wKAMEAF7wKjAMAwQCXvAsAwQDXvAwAwQBXvA+AwQCuYsQ
AwQBwpguMA0EAgACMAcDBQAqAW6AMA0GCSqGSIb3DQEBCwUAA4IBAQCHGGOzyOao
ZV3ttGyfk6hy9EbTvE7/wsE8LDkZ9lWREfIrPeQW2R/A23qfy1G0AecwZ/Wxns5r
PVd3NYRZR04ORlvlCCewanmPoa5lHPEPrVYuIxUt9GefXjkxxCGtfzvQruvUYGOz
Kup/9SdumdO+28T4EzvpbGucW1eHF6ZW6fA6XICzgdAzihz/WHnY5qWwsWVdTKBb
sGKjk3Im+v21fj+XZqlQy6VXkTatQQ3987oLiab687gWBwQMUcj0R7EHpiNDxvHh
B294VVTgYVbYqAQsq0wXpMZNB5YCA3FEWA2SVv4Gv8TxJtrpfJdPl+VFcCRsfoj8
c95S9PtLYW2q
-----END CERTIFICATE-----
Generated at Sun May 11 04:06:26 2025 by rpki-client